fix sniffer crash with reassembly processing

2015-08-20 13:33:44 -07:00 · 2015-08-20 13:33:44 -07:00 · a93aa8972e
commit a93aa8972e
parent a47af476d1
1 changed files with 13 additions and 11 deletions
--- a/src/sniffer.c
+++ b/src/sniffer.c
@ -2617,30 +2617,32 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
    word32*        length = (session->flags.side == WOLFSSL_SERVER_END) ?
                               &session->sslServer->buffers.inputBuffer.length :
                               &session->sslClient->buffers.inputBuffer.length;
-    byte*          myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ?
-                                session->sslServer->buffers.inputBuffer.buffer :
-                                session->sslClient->buffers.inputBuffer.buffer;
-    word32       bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ?
-                            session->sslServer->buffers.inputBuffer.bufferSize :
-                            session->sslClient->buffers.inputBuffer.bufferSize;
+    byte**         myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ?
+                               &session->sslServer->buffers.inputBuffer.buffer :
+                               &session->sslClient->buffers.inputBuffer.buffer;
+    word32*       bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ?
+                           &session->sslServer->buffers.inputBuffer.bufferSize :
+                           &session->sslClient->buffers.inputBuffer.bufferSize;
    SSL*               ssl  = (session->flags.side == WOLFSSL_SERVER_END) ?
                            session->sslServer : session->sslClient;
    
    while (*front && ((*front)->begin == *expected) ) {
-        word32 room = bufferSize - *length;
+        word32 room = *bufferSize - *length;
        word32 packetLen = (*front)->end - (*front)->begin + 1;

-        if (packetLen > room && bufferSize < MAX_INPUT_SZ) {
+        if (packetLen > room && *bufferSize < MAX_INPUT_SZ) {
            if (GrowInputBuffer(ssl, packetLen, *length) < 0) {
                SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
                return 0;
            }
+            room = *bufferSize - *length;   /* bufferSize is now bigger */
        }
        
        if (packetLen <= room) {
            PacketBuffer* del = *front;
+            byte*         buf = *myBuffer;
            
-            XMEMCPY(&myBuffer[*length], (*front)->data, packetLen);
+            XMEMCPY(&buf[*length], (*front)->data, packetLen);
            *length   += packetLen;
            *expected += packetLen;
            
@ -2654,9 +2656,9 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
            break;
    }
    if (moreInput) {
-        *sslFrame = myBuffer;
+        *sslFrame = *myBuffer;
        *sslBytes = *length;
-        *end      = myBuffer + *length;
+        *end      = *myBuffer + *length;
    }
    return moreInput;
 }